Disable Sending Diagnostic Data to Apple

What the diagnostic disabler for macOS does

This Automox Worklet™ disables the transmission of diagnostic and usage data to Apple on macOS endpoints. By default, macOS is configured to send crash reports, system analytics, and app usage data to Apple to help improve the platform. The Worklet modifies the DiagnosticMessagesHistory.plist configuration file to prevent this automatic transmission.

The Worklet checks the AutoSubmit setting in the CrashReporter folder and disables it if enabled. This prevents Apple from receiving information about system behavior, performance issues, and organizational usage patterns.

Why prevent diagnostic data transmission

macOS endpoints that send diagnostic and usage data to Apple may inadvertently transmit sensitive information about your organization's software, network configuration, and operational patterns. While Apple states this data is anonymized, organizations with strict data sovereignty requirements or compliance obligations cannot tolerate any external data transmission without explicit approval.

Compliance frameworks like GDPR, HIPAA, and FedRAMP require organizations to control and document all external data flows. Diagnostic data transmission to Apple creates an undocumented data flow that may violate these compliance requirements. Disabling this feature maintains data sovereignty and keeps your endpoint telemetry within your organization's control.

How Apple diagnostic disabling works

1. Evaluation phase: The Worklet reads the DiagnosticMessagesHistory.plist file from /Library/Application Support/CrashReporter/ and checks the AutoSubmit value. If the value is set to 1 (enabled), the Worklet identifies that diagnostic transmission is active and requires remediation.

2. Remediation phase: The Worklet updates the AutoSubmit value from 1 to false, disabling automatic diagnostic transmission. It then adjusts file permissions using chmod and chgrp to verify that only administrators can modify this setting in the future, preventing users from re-enabling diagnostic sharing.

macOS diagnostic control requirements

• macOS 10.13 (High Sierra) or later

• Administrator or root-level access on target endpoints

• CrashReporter folder must be accessible at /Library/Application Support/

• Compatible with both workstations and servers

• Supports FixNow for immediate remediation when issues are detected

Expected diagnostic data behavior

After remediation, macOS endpoints stop sending diagnostic and usage information to Apple's servers. The endpoint continues functioning normally without any impact on performance or feature availability. All diagnostic data remains local to the endpoint or your organization's management infrastructure.

The Worklet verifies the configuration change through its evaluation phase. IT operations teams can confirm diagnostic data transmission is disabled by reviewing the Worklet output in the Automox console or checking System Preferences on affected endpoints.

How to validate disable sending diagnostic data to apple changes

1. Run this Worklet on a pilot macOS endpoint and review evaluation output for disable sending diagnostic data to apple.

2. Confirm Automox activity logs show successful completion and exit code 0.

3. Verify endpoint state using checks aligned to evaluation script logic, such as exit.

4. Validate remediation effects from script operations such as defaults, chmod, chgrp, then rerun evaluation for compliance.

For technical validation, compare endpoint state to the Worklet evaluation logic and remediation flow for disable sending diagnostic data to apple. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.

Useful script references for this Worklet include evaluation operations such as exit and remediation operations such as defaults, chmod, chgrp. Use these indicators to verify that endpoint changes match intended policy outcomes.